Not like that other internet site that sells everything about you except your underwear to the highest bidder, and forces you to use your real name for everything.

I think you mean to imply that Google do in fact sell information about you and I don't think there's any evidence of that. They gather as much info as they can, they use it and aim to profit from it by advertising to you - and that may be bad enough - but as far as I can tell they don't sell it to anyone else, rather they hoard it and preserve it as their own goldmine. Am I wrong?

Yes. It's good to know that Google is insuring they are the only party that will be eavesdropping on your searches. They'll protect you, and as a value-add prevent their competitors from eavesdropping.

Current versions(from 14 forward I think, but no definitely not older than that without an addon/changed search) uses HTTPS for the default Google search bar. Don't know about searches from the Awesome bar.

I always remove the search bar, and have all address bar suggestions turned off, but TFS has me worried. It mentions searching from the address bar.When I type or paste a URL into the address bar, it doesn't get sent to a search engine, does it?

I always remove the search bar, and have all address bar suggestions turned off, but TFS has me worried. It mentions searching from the address bar.When I type or paste a URL into the address bar, it doesn't get sent to a search engine, does it?

It can, depending on your browser and typing skills. Some browsers, if they can't find a server matching what you typed, they will send the string to your "default" search engine, or in one case Google no matter what.So when you by mistake enter http;//www.redtube.com/, chances are good that Google will log that you tried to access that site.

However you want it to. Just click the drop down arrow at the left of the search box, and it will give you a selection of engines. If you want Google SSL, it's there. If you want Duck Duck Go, it's there. Mine even has Wikipedia, Twitter, and Amazon entries.

I'm not sure how comprehensive the default install is, this particular selection of search engines might have been configured by the person who packages it for Debian.

Good call. Added Google SSL to the search bar. I use https://encrypted.google.com/ [google.com] as my normal Google page. Main reason for that is i prefer the results opened a new tab rather then showing in whatever page i happen to search from, or having open a new tab.

I'm not sure how comprehensive the default install is, this particular selection of search engines might have been configured by the person who packages it for Debian.

It probably comes with a few out of the box, but Chrome also automatically adds other sites to the list as you use them. I'm not sure how it works, exactly, but I think Chrome uses some sort of heuristic to recognize sites that provide a search function of some sort, and adds them to the list. My browser has several dozen different "search" sites in the list, including many that I didn't even realize had a search function.

Another non-obvious and really useful feature is that you can edit the "keyword" for

I've experienced what he's talking about, though I can't remember if it was with HTTPS Everywhere for Chrome or Firefox. I think that what happens is that the HTML (and maybe the JS) for a particular page come down over the HTTPS link, but for some reason, the CSS and/or various other pieces don't, and get pulled down over HTTP... or perhaps they fail entirely. Like they come from a CDN or something that doesn't do HTTPS but that shares a root DNS name that HTTPS Everywhere is programmed to re-write.

I think that one using Google would worrying about security of their searches a little funny and ironic. The Google way: Give us access to all your Email, all your contacts, your location, your calls, the apps you install, all your searches, all your comments on Google+, your research on Google Maps, your shopping, all your purchases with Google Wallet, tracking you with Adsense from millions of sites, storing your passwords in Google's browsers, recording your network passwords in your Android accounts,

WTF does that mean? i should spread my personal information across a variety of website. yeah, good advice.

do i trust google more than whatever nefarious entity runs startpage.com? i sure do. i know google will do everything possible not to expose my persona info, because if they did, their business would go down the toilet. how many people would keep using gmail, search, etc if they knew google was leaking personal data to 3rd party companies? they have a financial interest in protecting my data. sure that

You might trust Google, but do you really want to trust them with EVERYTHING? If you separate off your searching to something else, it greatly enhances your privacy, especially since you are not "signed in" to something like Startpage. I am not saying that Startpage is some great, perfect system (pick something else, then). All I am saying is that from a privacy standpoint, it makes sense to not to give ALL your data to one entity. Hence- not putting all your eggs in one basket.

Google is the one with billions in profits to safeguard, not you. Connecting to them securely will safeguard their proprietary database of your every move from the prying eyes of competitors such as Comcast (unless of course they pay tribute to google first, like anybody else who wants to know what you've been up to). And you don't find that terribly exciting?

You forgot a big one (although your list is great and somewhat frightening). Use their Google DNS server and they have access to every site you browse to in the course of the day. Another one: give them access to your calendar and to-do list and they can do even more fine-grained profiling of what ads to show you that may be more closely aligned with your shopping habits.

It scares me, and I own a Google Nexus 7 tablet, which I love. I'm trying to mitigate the risk by surfing the web with Opera, searching

I now use the https://addons.mozilla.org/en-us/firefox/addon/googlesharing/ [mozilla.org] add-on for FF. This is basically a proxy that is used only for your google searches. It stops Google from profiling you based on your IP address when you search by inserting a middle-man. Together with HTTPS-Everywhere and no logins to Google in the browser I think it's a pretty good setup. You have to trust the GoogleSharing people for not doing what Google does to begin with though:)

It's been a while but I used an addon called Add to Search Bar and I think I just right click on the search field while I was at https://encrypted.google.com/ [google.com] then it gave an option for me to add this field to the search engines. It doesn't provide real time suggestions but I don't care about that.

Yeah, because there is something just so classy and sexy about a browser that doesn't tell you what is going or and is resistant to customizations. Even sexier when it is tied to Google, is closed source, and does who-knows-what with all that stuff you do/see/search (Chrome is secret, like IE... at least Chromium you can see inside the code, like Firefox).

Well played, indeed.

People using Chrome and who are also worried about a third party seeing their search queries: priceless.

Of course not- nobody does that (or do they?) But the point is that there is MUCH smaller chance that anyone outside of Google knows what is going on inside their Chrome code when compared to an open-source browser.

You do realize that Chrome and the javascript and rendering engines it's built on are open source, right? You also realize that Chrome is just a release version of Chromium (with a few extra goodies thrown in like flash player and PDF viewer), right? You also realize you can use a tool like Fiddler to see exactly what Chrome sends over the wire if you don't trust what it reports in it's own dev tools, right? The only part of Chrome that could be considered sketchy is RLZ, but they made that open source s

1) Chrome is not open source. It is based on Chromium, which is open sourced, but the build Google takes is not identical code. They can put anything in it they wish.

2) Fiddler is a proxy, as such, the browser will know it is not directly connected.

3) Even if one could capture all data as it would normally travel, it doesn't mean one would be able to understand everything it sends. If a blob of data goes to Google at some point, especially when already connecting to their servers with every other page doing adsense, exactly how are we mere, non-Google mortals going to know it is all above-the-board?

4) Again, RLZ might be open source, but their COMPILE of CHROME that contains it is not... so what you see might not be what you get. Open-source projects, like Firefox, Linux, OpenOffice, etc, are examined and compiled by third parties and not primarily distributed as a owner/maker binary. Even Chromium seems to be obfuscated in ways that make it unsuitable for others to compile and distribute: http://ostatic.com/blog/making-projects-easier-to-package-why-chromium-isnt-in-fedora [ostatic.com]

I am not saying Chrome *is* spyware. But I am saying it has the ability to be, and it might be, and we can't really know. It is being released by a company who has a lot to gain by gathering as much info as possible, and a lot of practice doing so (and a huge, unquestioning following).

3) Blob? Are you referring to some encrypted transmission? It's pretty damn easy to detect adsense transmissions. There could just as easily be secret transmissions in any Firefox build as well since whoever is doing the build can inject anything they want in there. At the end of the day, you're still putting trust in some third-party to not steal your keystrokes or do whatever

When I type "wiki foo" it searches for "foo" at Wikipedia.When I type "def foo" it searches for the definition of "foo"When I type "imdb foo" it searches on IMDB for the movie or show "foo"Etc...

I find this easier than using a dedicated search box, since I never have to use the mouse. Ctrl-L, and start typing, or Ctrl-N for a new tab with the "omnibar" selected. I probably have 25 or keyword searches set up, though I only use around 5 of them commonly. And with Chrome m

Google does this because they value privacy: the privacy of the data of every aspect of your personal and professional life. The privacy of this data has great value ($$$). Some other company getting hold of this data would certainly lessen its value.

I know you're just trying to get a cheap laugh from the paranoid crowd, but this is actually one of the best arguments about why Google will never sell your data to anyone. Analyzing it to make their own services better is the most valuable use for it, so they'd be stupid to let it out of the company.

Do surveillance agencies have some way of accessing all of this data in spite of it being encrypted in transport?

As the other commenter said, they can probably get it from Google et al.

As for "in flight": It is quite likely (by my own paranoid estimation only) that governments have access to a SSL root CA. OSes and browsers come installed with hundreds of Root CA certificates, and the gov't would only have to get a private key from one of them to be able to decrypt your SSL tracffic. For example, the makers of Stuxnet got themselves a root CA cert for installing applications (it may not have been strictly needed for t

Correction: if you are one of the diligent people who actually clicks on the SSL information dialogue and checks the certificate chain, then they would have to get the right CA in order to fool you.

I think it's safe to assume that the surveillance agencies of any given government have the private keys of every CA located within their borders. And probably those of their allies, and as many others as they've been able to obtain.

It's great that google continues to put these security improvements into Chrome. But what I also would like to see would be the ability to set a proxy that is not the system proxy, something that IE, Opera and Firefox have been able to to from day 1. Why is Chrome so far behind in this aspect?

I use google web stuff, but I don't uninstall their native products. I can't imagine why GTalk client or Chrome require multiple services to be installed on Windows. I don't see any other Browsers or Chat clients installing Windows services.

I'm not concerned with other actors, I'm concerned with google. When will they release a setting that allows us to prevent them from gathering information on us? Shouldn't be too hard to dish out results without logging them. But yeah, I'd say google is the biggest privacy threat, not "other actors"

I think this is a double edged sword, as everything Internet-related seems to be these days. Yes, they protect the users' search. Sort of. Really, they're just denying access to that data to everyone except themselves, since Google knows damned well what you're searching for. Yes, the user is protected, but they've actually just heightened the walled garden a bit.

I also wonder if this isn't a push to get web-masters to use their stupid Google Analytics service. I use www.statcounter.com on my websites,